===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.494
retrieving revision 1.495
diff -c -r1.494 -r1.495
*** www/errata.html 2004/05/27 18:32:06 1.494
--- www/errata.html 2004/05/30 22:40:51 1.495
***************
*** 56,61 ****
--- 56,77 ----
All architectures
+ -
+ 008: SECURITY FIX: May 30,
+ 2004
+ A flaw in the Kerberos V kdc(8)
+ server could result in the administrator of a Kerberos realm having
+ the ability to impersonate any principal in any other realm which
+ has established a cross-realm trust with their realm. The flaw is due to
+ inadequate checking of the "transited" field in a Kerberos request. For
+ more details see
+ Heimdal's announcement.
+
+
+ A source code patch exists which remedies this problem.
+
-
008: SECURITY FIX: May 26,
2004
***************
*** 246,252 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.494 2004/05/27 18:32:06 matthieu Exp $